This page is not created by, affiliated with, or supported by Slack Technologies, Inc.
2019-01-14
Channels
- # announcements (6)
- # architecture (5)
- # aws (4)
- # beginners (79)
- # boot (3)
- # boot-dev (7)
- # calva (21)
- # cider (17)
- # cljdoc (12)
- # clojure (83)
- # clojure-art (2)
- # clojure-belgium (2)
- # clojure-brasil (1)
- # clojure-estonia (2)
- # clojure-europe (3)
- # clojure-finland (5)
- # clojure-india (2)
- # clojure-italy (49)
- # clojure-losangeles (1)
- # clojure-nl (12)
- # clojure-spec (120)
- # clojure-sweden (2)
- # clojure-switzerland (4)
- # clojure-uk (31)
- # clojurescript (80)
- # data-science (17)
- # datavis (2)
- # datomic (31)
- # emacs (31)
- # figwheel-main (28)
- # fulcro (6)
- # jobs (2)
- # liberator (7)
- # luminus (1)
- # nrepl (2)
- # off-topic (51)
- # overtone (2)
- # pathom (4)
- # re-frame (28)
- # reitit (1)
- # rum (6)
- # shadow-cljs (26)
- # specter (2)
- # tools-deps (33)
- # yada (3)
Is there anything remotely similar to Meteor in Clojure? I mean, a framework to make realtime apps quickly.
Not sure natively, but I like the prospect. Considering Mr. Clean is on the radar for a react preplacement, there's a lot of potential for something like this.
Fulcro+Pathom+Workspaces is a really nice workflow! Has all the plumbing you need for sockets, etc. If you're more adventurous and this is a totally greenfield project, Nikolas Gobel just gave a really amazing talk on his work on 3df: https://www.youtube.com/watch?v=ZgqFlowyfTA
5Thanks for this video, it is really relevant to what I was looking for.
I am indeed looking into writing or using such a system and try to put all the pieces together. I was wondering about what I should use as a reactive data query language.
Datascript, Pathom, D2Q, EQL and QLKit are on my to-read list, and now this video too.
Yeah, its' really awesome how many people are working in this space right now, with great results! Another to investigate is https://github.com/metasoarous/datsync . Chris is doing fantastic work on this as well.
Datsync comes with a whole suite of tools aimed at making this easier.
Anyone planning on mass producing this mug? https://c1.staticflickr.com/6/5049/5340632301_e930830d72_b.jpg
If they are, they probably need a license for that logo.
Rich usually does not grant use of the logo for stuff like this
not licensed, it’s a trademark. generally Rich does not grant its use for products for sale.
Ah I see
Well if Cognitect plans on mass producing it please make a coffee version too
Thanks
https://dl2.pushbulletusercontent.com/GZfgXzq5H97oEh6CfWL5Zn5fsOxscAKW/IMG_20190114_161648.jpg
Do you also include the WARNING: Wrong number of args (2) passed to transduce?
Dunno if this is a well-discussed point already, but aren't tools.deps "git dependencies" inherently more secure than Mavencentral/Clojars? The problem I see with clojars (and rubygems, and npm) is that there's no guarantee that a release artifact corresponds in any way to a git "release" (tag or commit) So, my-clojars-release 2.1.1 could distribute evil or buggy stuff that my-git-release 2.1.1 does not reflect There are multiple possible bad scenarios: - library author is evil, pushed hidden stuff in his jar - library author's machine is compromised, he unknowingly pushes evil stuff - clojars or mavencentral are compromised, and release 2.1.1 is mutated with evil stuff (releases are immutable for library authors, but not for repositories, I would guess) I tried to play with the idea of adding a "verification sha" to clojars dependencies, but I believe checking a .jar's sha would involve git cloning the repo... which is a roundabout way of doing what tools.deps already does Thoughts? More specifically: would there be any downsides for using "git deps" whenever possible (other than for Java stuff)?
THANK YOU! I've been wondering this same thing from the start of working with npm/nuget/maven/whatever. My stomach drops every time I npm install something, but everyone does it so it must be fine right :face_with_rolling_eyes:
Git is not that safe. If is not a signed commit, I can change/fake the remote and deliver any "code"
But, tools.deps specifications go against SHAs. So if you checked that project@sha is safe, nothing can change that
Did you really check that all commits up to project@sha are safe? ;] Without signed commits, a safe commit SHA theoretically can have a collision with a compromised one. But more likely, a compromised repo will have unsigned commits that were spoofed to look authentic from the original author (and don’t we all just grab the latest from master / readme)? There was an interesting thought experiment posted in 2012 that is relevant: https://mikegerwitz.com/papers/git-horror-story
> Did you really check that all commits up to project@sha are safe? checking the file tree (as of <sha>) is enough? especially for small-to-medium libraries. Will read the article regardless!
I think you can sign .jar with your GPG key
but that says who signed it, not what is signed
I can’t speak to that, but this excellent piece has more on those concerns: https://hillelwayne.com/post/stamping-on-eventstream/
I feel like rpc/messaging passing is what is used everywhere else, but as soon as you want to talk over http, rest comes up, and like, why? if rest isn't so great that you are trying to bring all your non-http apis to it, then why saddle your http apis with it?
I prefer to buy my own tools, then when I go, they go with me.
Ah, I did take the laptop — mucho $$$ plus I don’t want company IT having a say in what I have on my personal machine.
I am thinking of getting paid version of tableplus and robo 3t but it would be out of pocket
Interesting, hadn’t seen TablePlus before.
database software seems to me to be something work should pay for. are they unwilling?
they might. you also might introduce a tool to the team that makes everyone more productive
I’m not a big fan of per-computer licensing tho.